package com.lzy.securityResources.config;


import com.lzy.conf.RsaKeyProperties;
import com.lzy.securityResources.filter.JwtVerifyFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * @author Robod
 * @date 2020/8/9 15:47
 */
@Configuration
@EnableWebSecurity      //加了这个注解才能写SpringSecurity相关的配置
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private RsaKeyProperties rsaKeyProperties;
    private MyAccessDeniedHandler myAccessDeniedHandler;
    @Value("${jwt.expire}")
    private long expire;
    @Autowired
    public WebSecurityConfig(RsaKeyProperties rsaKeyProperties, MyAccessDeniedHandler myAccessDeniedHandler) {
        this.rsaKeyProperties = rsaKeyProperties;
        this.myAccessDeniedHandler = myAccessDeniedHandler;
    }


    /**
     * 配置SpringSecurity相关信息
     *
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //frame允许显示
        http.headers().frameOptions().disable();
        //关闭csrf
        http.csrf().disable();
        //Jwt令牌认证
        http.addFilter(new JwtVerifyFilter(super.authenticationManager(), rsaKeyProperties,expire));
        //禁用session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        //无权限提醒
        http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);
    }

}
